drakkan / sftpgo

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
https://sftpgo.com
GNU Affero General Public License v3.0

[Bug]: unexpected message type 106 #1669

Open mgutt opened 3 months ago

mgutt commented 3 months ago

Bug description

A remote server (environment unknown) tries to connect to SFTPGo with SSH Key, but after the client sends a packet of type 106, the server closes the connection.

Steps to reproduce

The foreign user sent me his verbose log:

sftp -oPort=2222 -vvv bar@10.1.2.3.4 
...
debug1: Next authentication method: publickey
debug1: Offering public key: /foo/foopw0/.ssh/id_rsa RSA SHA256:123456
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /foo/foopw0/.ssh/id_rsa RSA SHA256:123456
debug3: send packet: type 106
debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet
debug3: sign_and_send_pubkey: RSA SHA256:123456
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
Connection closed by 10.1.2.3.4 port 2222
Connection closed

The SFTPGo server logged:

{"level":"debug","time":"2024-06-24T15:30:07.444","sender":"sftpd","message":"failed to accept an incoming connection from ip \"10.9.9.9\": ssh: unexpected message type 106 (expected one of [50])"}

Regarding this, the type is non-standard and is produced by "IBM AIX": https://superuser.com/a/1457492/129262

And it can be solved as follows: in ~/.ssh/config, use: AllowPKCS12keystoreAutoOpen no

The "bug" in this scenario could be this quote:

as per RFC 4253 section 11.4, which specifies that the server is supposed to only inform the client of unsupported message types

So SFTPGo should not close the connection, instead it should return the answer, that this message type is not supported?!

Expected behavior

Not sure, maybe only answering that the ssh message type is not supported while leaving the connection intact.

SFTPGo version

2.6.2

Data provider

sqlite

Installation method

Community Deb package

Configuration

No relevant changes

Relevant log output

No response

What are you using SFTPGo for?

Private user, home usecase (home backup/VPS), Medium business

Additional info

sftpgo -v

SFTPGo 2.6.2-636a1c2c-2024-06-21T17:21:25Z +metrics +azblob +gcs +s3 +bolt +mysql +pgsql +sqlite -unixcrypt +portable
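As an added example, not code from SFTPGo, from golang.org/x/crypto/ssh or from the issue's author, here is a Go sketch of the behaviour the quoted RFC 4253 section 11.4 text describes (answer an unknown message type with SSH_MSG_UNIMPLEMENTED instead of dropping the connection), plus a helper that pulls the offending type out of the SFTPGo log line above so affected clients can be counted. The auth-stage model, its function names and the disconnect handling are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"regexp"
	"strconv"
	"strings"
)

const msgDisconnect byte = 1       // SSH_MSG_DISCONNECT, RFC 4253 section 11.1
const msgUnimplemented byte = 3    // SSH_MSG_UNIMPLEMENTED, RFC 4253 section 11.4
const msgUserAuthRequest byte = 50 // SSH_MSG_USERAUTH_REQUEST, RFC 4252

// unimplementedPayload builds the SSH_MSG_UNIMPLEMENTED payload for the packet
// with sequence number seq: type byte 3 then a big-endian uint32 (RFC 4253 11.4).
func unimplementedPayload(seq uint32) []byte {
	buf := make([]byte, 5)
	buf[0] = msgUnimplemented
	binary.BigEndian.PutUint32(buf[1:], seq)
	return buf
}

// handleAuthPacket is a hypothetical model of the auth stage from the issue,
// where only type 50 is expected, that follows RFC 4253 11.4 instead of closing.
func handleAuthPacket(msgType byte, seq uint32) (reply []byte, closeConn bool) {
	switch msgType {
	case msgDisconnect: // peer ended the session: closing is correct here
		return nil, true
	case msgUserAuthRequest: // expected: hand to the auth handler, no reply
		return nil, false
	}
	return unimplementedPayload(seq), false // unknown type (e.g. 106): answer, stay open
}

// unexpectedTypeRe matches the error text inside the SFTPGo log line from the
// issue; it is applied to the raw JSON line, so no JSON decoding is needed.
var unexpectedTypeRe = regexp.MustCompile(`unexpected message type (\d+) \(expected one of \[([\d ]+)\]\)`)
// parseUnexpectedType pulls the received and expected message types out of one
// SFTPGo log line, so clients hitting this path can be counted from the logs.
func parseUnexpectedType(line string) (got int, expected []int, ok bool) {
	m := unexpectedTypeRe.FindStringSubmatch(line)
	if m == nil {
		return 0, nil, false
	}
	got, _ = strconv.Atoi(m[1])
	for _, f := range strings.Fields(m[2]) {
		n, _ := strconv.Atoi(f)
		expected = append(expected, n)
	}
	return got, expected, true
}
```

Feeding the log line from the report into parseUnexpectedType yields 106 as the received type and [50] as the expected list.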

drakkan commented 3 months ago

Does the reference ssh implementation, OpenSSH, behave differently than SFTPGo?

We provide support for edge cases like this to our Enterprise plan subscribers, but feel free to submit a PR, we'll do our best to review even though we don't have access to an AIX system.

mgutt commented 3 months ago

Does ... OpenSSH, behave differently

Regarding this question I would say no (or some versions of OpenSSH accept it, while others don't).